Foreword

Multicore processors have become standard for desktop computers since 2005, and are now
also frequently used for the implementation of embedded systems. In the near future, many
embedded applications, including safety-critical ones such as those used in avionics, automotive,
and mission control systems, will run on multicore processors. For this reason, programming
multicore processors should have already become a routine engineering practice. However,
anybody who has experienced programming multicore processors will acknowledge the difficulty of
implementing concurrent software under the currently dominating thread-based programming
models: synchronisation, deadlocks, race conditions, weak memory models, and the lack of
determinism of usual multithreaded software are extremely difficult to tackle. Ensuring
determinism and correctness with respect to required specifications is, however, mandatory for
safety-critical systems. For this reason, retrofitting sequential von Neumann-style programming
models to multithreaded programming is not the right way to go for programming such
systems. An interesting solution to this problem is offered by model-based design methods,
where one can automatically generate multithreaded code from an abstract and simplified, yet
formal, model using a provably ‘correct-by-construction’ automatic synthesis. Using the popular
synchronous programming paradigms as formal models, one can reach such objectives. This
way, one can formally verify the synchronous models of the systems, and once these are proved
correct, code can be automatically generated for a multicore processor.
Preface

In  this  proposal,  we  consider  and  integrate  two  different  model-based  design  flows  that  are 
based  on  synchronous  languages:  The  first  design  flow  starts  with  a  polychronous  model  that  is 
in  some  sense  a  process  network  whose  nodes  are  triggered  whenever  input  values  are 
available.  To  ensure  that  such  systems  are  deterministic  and  can  run  with  bounded  memory, 
clock  consistency  constraints  have  to  be  checked  that  are  defined  for  the  input  and  output 
streams  of  each  node.  One  has  to  additionally  determine  a  clock  consistent  schedule  for  the 
final  code  generation.  In  this  proposal,  we  will  develop  new  methods  to  ensure  clock  consistency 
in  that  we  will  reduce  the  problem  to  the  constructiveness  of  (poly)synchronous  programs.  This 
will  not  only  lead  to  new  procedures  to  check  clock  consistency,  but  due  to  the  constructive 
reasoning,  we  also  derive  schedules  for  code  generation,  and  we  can  implement  simulators  for 
polychronous  models. 

The  second  design  flow  starts  with  a  fully  synchronous  model  whose  reactions  are  triggered  by 
a  single  clock.  In  this  project,  we  will  first  develop  methods  to  decompose  such  a  synchronous 
system  into  components  that  communicate  via  elastic  buffers  instead  of  the  otherwise  used 
immediate  broadcast  communication.  Then,  we  continue  by  further  desynchronizing  these 
systems  in  that  no  longer  all  the  values  are  communicated  between  the  components,  but 
components  can  still  locally  decide  when  sufficiently  many  input  values  are  available.  Hence,  a 
polychronous  system  is  obtained,  and  we  will  ensure  that  the  constructiveness  of  the  original 
synchronous  system  is  preserved  during  these  design  steps.  We  will  additionally  make  sure  that 
given  temporal  properties  are  preserved  during  this  design  flow,  and  we  forbid  decompositions 
that  would  violate  these  specifications. 

Finally, we consider the automated multithreaded code generation for the obtained constructive
polychronous models. While clock-consistent schedules are already determined by our
analyses, further problems have to be solved to generate efficient multithreaded code. We aim
at identifying special classes of polychronous systems that simplify the code generation due to
the constructive information flow of the clocks. For example, the simplest code generator is
obtained for systems where the information flow of clocks follows the computation from input
values to output values (however, this is not possible for all programs). Moreover, we optimize
the performance by clustering nodes into single threads, and we consider weak memory models
to automatically synchronize threads where necessary, taking the clock information into account.

Acknowledgement 
Laboratories, Wendy Harrison and James Lawton, from the USAF Office of Scientific Research,
for supporting this collaborative research.
Scientific results highlights of the project

The major results of the project over the evaluated period are both scientific and economic.
Scientifically, we have jointly published a series of papers [1,2,3] establishing constructive
semantic foundations to co-model embedded systems using heterogeneous domain-specific
languages: the polychronous data-flow language Signal and the imperative synchronous
language. Reference [3], in particular, presents the first constructive semantics of polychronous
systems. Based on these findings, we implemented a cross-compiler, Onyx, which bridges
two existing synchronous programming environments: Averest (http://www.averest.org) and
Polychrony, now an Eclipse-Polarsys project (https://www.polarsys.org/projects/polarsys.pop).
Economically, our project and its impact allowed us to establish new contacts with Toyota R&D,
Mountain View, which led to the start of a collaborative project described below. In 2016,
Sandeep Shukla left Virginia Tech to join IIT Kanpur in India.

Visits  and  exchanges  supported  by  the  project 

The  visits  and  exchanges  supported  by  the  project  and  the  co-funded  INRIA  associate-project 
POLYCORE  over  the  funded  period  have  been  the  following: 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech  Research  Laboratory  in  Arlington  from 
April  19  to  May  3,  2013. 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech  Research  Laboratory  in  Arlington  from 
October  18  to  29,  2013. 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech  Research  Laboratory  in  Arlington  from 
April  5  to  27,  2014. 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech,  Falls  Church  Campus,  from  July  28  to 
September  10,  2014. 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech,  Falls  Church  Campus,  from  November  4 
to  November  20,  2014. 

•  Visit  of  Jean-Pierre  Talpin  at  the  Virginia  Tech,  Falls  Church  Campus,  from  March  17  to 
April  2,  2015. 

• Joint organizational participation in ACM-IEEE MEMOCODE’15 (Austin, Texas) from
September 19 to 28, 2015.

•  Joint  workshop  at  UC  San  Diego,  California,  from  November  21  to  27,  2015. 

Courses  and  dissemination  supported  by  the  project 

In  the  context  of  the  above  visits,  Jean-Pierre  Talpin  was  invited  to  give  Master-class  lectures  at 
the  Virginia  Tech  campus,  Falls  Church,  on: 

•  Constructive  semantics  of  synchronous  languages,  in  May  2013. 

•  An  introduction  to  the  UML  MARTE  and  CCSL,  in  October  2013. 

Complementary  funding  obtained  from  the  project  support 

In  the  frame  of  our  ongoing  collaboration,  and  thanks  to  the  project  support,  we  established 
professional  contact  with  fellow  researchers  at  Toyota  R&D,  Mountain  View  in  late  2013.  We 
jointly  submitted  a  collaborative  project  proposal  between  TR&D,  VTRL  and  INRIA.  The  topic  of 
the  proposal  is  the  model-based  formal  verification  and  integration  of  embedded  automotive 
architectures.  The  project  proposal  was  just  recently  accepted  and  officially  starts  this  month. 
We  will  receive  funding  which,  in  good  synergy  with  the  present  project,  will  allow  us  to  decouple 
our  research  and  development  capability  and  maximize  the  impact  of  our  project. 
Thanks to the support of the present project, we established professional contact with fellow
researchers  at  Toyota  ITC,  Mountain  View  in  late  2013.  We  submitted  a  joint  project  proposal  to 
ITC,  which  was  accepted  and  received  an  additional  funding  of  approx.  120k$  from  April  2014  to 
April  2015,  shared  between  Virginia  Tech  and  INRIA.  The  topic  of  the  project  is  the  model-based 
formal  verification  and  integration  of  embedded  automotive  architectures.  In  the  context  of  that 
project,  we  jointly  published  additional  scientific  articles  [1,2,3],  including  an  invited  presentation 
at  ACM  DAC’15,  the  premier  system  design  conference. 